Notification of Eligible Data Breach

GeelongPort Pty Ltd was recently the subject of a cyber attack which resulted in a data breach of electronically stored information.

As part of the investigation into the data breach, we identified that personal information held in the compromised account relating to port visitors as part of the induction process, may have been available for access by an unauthorised party.

Please find below further information relating to the data breach as well as steps that GeelongPort recommends you should take to reduce the risk of harm due to the breach.

Description of the data breach

On or about 18 April 2019, a GeelongPort employee’s email account was breached causing the account’s contents to potentially be exposed to an unknown third party.

The suspected data breach was identified on 29 April 2019 and immediate steps were taken to disable the email account and further strengthen security.

Actions GeelongPort took to mitigate the data breach

On 29 April 2019, the IT team commenced an investigation into the eligible data breach. The IT team was able to immediately suspend the compromised account and enable additional security measures.

GeelongPort commenced an investigation into the cause of the breach and commenced a review of all data in the account. In conjunction with our IT supplier, further steps are being taken to reduce the risk of any future attacks.

GeelongPort have notified the Office of the Australian Information Commissioner of the incident.

Information involved in the data breach

The compromised account contained emails with database files relating to port visitor inductions containing:

  • Full name
  • Drivers licence number

Whilst GeelongPort have no direct evidence to suggest that this information has been accessed, it is still a possibility and therefore taking steps to mitigate any risks would be appropriate.

As GeelongPort does not have contact information stored permanently for many visitors, this bulletin is being posted on our website to alert any potential prior visitors to the port of the breach.

Recommended steps to reduce the risk of harm

GeelongPort recommends that potentially affected are vigilant for any unusual contact from unknown individuals or entities requesting information.

Further advice on steps to mitigate any identity theft risks is attached to this bulletin (‘Additional precautionary guidelines’).

If you have any further questions GeelongPort can be contacted via:

Additional Precautionary Guidelines


Identity fraud (also known as ‘identity theft’) involves someone using another person’s personal information without consent, often to obtain a benefit. For example, identity fraud can result in someone using another person’s identity to open bank accounts, obtain a credit card, apply for a passport, or conduct illegal activity. If you suspect you could be a victim of identity fraud:

  • Inform the agency or organisation that issued your identity document
  • Contact your bank or financial institution and tell them what happened, change your account passwords and close any unauthorised accounts

You can get a copy of your credit report to check it is accurate (you are entitled to a free credit report every year). This report will also show you which organisations have recently checked your credit history, so you can tell them not to authorise a new account in your name.

Contact a credit reporting body (CRB) to obtain a copy of your credit report. You will be asked to provide personal information to enable them to properly identify you. This could include your:

  • full name
  • address
  • date of birth
  • previous address
  • driver’s licence number

To request a copy of your credit report contact these national CRBs:

You can get a copy of your credit report for free from a CRB in all of the following circumstances:

  • if you have applied for, and been refused credit, within the past 90 days
  • where your request for access relates to a decision by a CRB or a credit provider to correct information included in your credit report, and
  • once a year (not counting the above circumstances).

Credit reports are required to be provided within 10 days of the receipt of your request, however, if you want your report immediately there may be a charge involved. You can check with the CRB about any charges involved in getting your credit report immediately.

Further resources to assist:

SCAMWATCH for information about how to recognise, avoid, and report scams.


Provides advice on protecting yourself online and information on the latest online threats and how to respond. For example, Stay Smart Online has guidance on creating strong passwords, two-factor authentication and anti-virus software